Thank you for the info! I am thinking maybe of using an CheckPoint Edge type device so that the VPN connection is actually a piece of hardware. That way when the PC boots it should already have a connection back to HQ. Can DHCP pass over a VPN connection? Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+ Senior Network Administrator -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann Sent: Thursday, November 10, 2005 1:49 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement I put a DC in every site, even if it's got 5 people. I use an OptiPlex (since we are Dell shop) tower with 2 HDD's and an $80 Promise RAID card doing RAID 1. It's inexpensive and gives some failover incase the internet line goes down. They'll still be able to auth resources and what not. If the VPN client runs as a service and connects at startup, then login scripts should run fine. Once the VPN is connected, all your GPO's will run in their scheduled intervals. There could be issues about the GPO's and other work that happens at boot time. That would depend on if the VPN client connects first or not. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Matthew Shrewsbury Sent: Thursday, November 10, 2005 1:47 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement By authenticate I mean logon to the PC and process logon scripts GPO etc on a DC located over the VPN. I'm thinking for our small sites instead of installing a frame link just purchase a fast Internet connection. We have a few sites that at the moment just run Citrix over the Internet but we have no way of managing there PC. Thanks for the info! Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+ Senior Network Administrator -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann Sent: Thursday, November 10, 2005 12:15 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement Authenticate to be able to login to the computer, or just authenticate in general? The Cisco VPN client can run at bootup and connect to the default session, so once it's connected and pulls an IP, it can use your remote DC to auth the login. I haven't had a need to do this, at least not yet. If you just mean auth in general, then yes, I have a couple of users with no local DC and they do everything against a DC in a remote site. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Matthew Shrewsbury Sent: Thursday, November 10, 2005 11:58 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement A little off topic but does anyone use a VPN where remote Windows clients over the Internet can authenticate with DCs back at the other end of the VPN? I'm thinking for smaller sites that don't have the need for a full DC at that site. Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+ Senior Network Administrator -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Schneider, Chad M Sent: Thursday, November 10, 2005 11:45 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement We also already have a VPN solution, free (Cisco), but are evaluating this CAG, due to it's ease of use, configuration, ease for the end user, etc. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Durbin Sent: Thursday, November 10, 2005 10:19 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement Good point about concurrent licensing; I'd have to look at how many concurrent users we have externally at a given time. But regardless of the number, I'm not paying for VPN licenses to get CSG functionality. It's a bummer because I really like the VPN functionality, but other VPN technologies are on the table at my company. It would have been a great way to let some users start validating the VPN functionality, which *could* have ultimately been a huge VPN win for Citrix. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Schneider, Chad M Sent: Wednesday, November 09, 2005 8:31 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement Hardware is $2495, list price, a good vendor can cut that some. We are looking to buy 2, for load balance/redundancy. We have thousands of VPN users, but only see @ 100-150 concurrent at peak times. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Greenberg Sent: Wednesday, November 09, 2005 10:17 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement That is a fair point, if they gave away the CSG functionality for the price of the hardware there would be a lot of shops that would be happy to move to the new platform. These users could then become VPN users in the future- point well taken....... BTW, the hardsware is $2495 and the licenses are concurrent so I doubt you would need 3500 licenses! Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd. suite D8453 Scottsdale, AZ 85262 (602) 432-8649 (602) 296-0411 fax steveg@xxxxxxxxxxxxxx ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Durbin Sent: Wednesday, November 09, 2005 6:43 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement That's pretty crappy. I'm still paying $3,000 for the appliance, to replace a Windows server that's running free software. I have 3500 users with access via the CSG, and obviously, there's no way I'm paying $350,000 to replace our CSG's. Too bad for Citrix, as they could potentially have gotten a foothold in our VPN space via the CSG replacement. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Greenberg Sent: Wednesday, November 09, 2005 9:04 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CAG Licenses Required for CSG Replacement Yes it does require licenses. It is a replacement, but not a free replacement. Once the user connects you can configure whether you give them a full VPN tunnel, hand off to WI (CSG), or kiosk mode. Any combination of these features requires a CAG concurrent license. The good news is that box performs extremely well, is wel integrated with all the CTX products. The even better news is that it is a hardened LINUX OS and not Windows pretending to be a security device! Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd. suite D8453 Scottsdale, AZ 85262 (602) 432-8649 (602) 296-0411 fax steveg@xxxxxxxxxxxxxx ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of techlists@xxxxxxxxxxxxxxxx Sent: Wednesday, November 09, 2005 9:49 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] CAG Licenses Required for CSG Replacement In addition to being a SSL VPN, the CAG is being positioned as a replacement for CSG. Does anyone know if the CSG functionality requires a CAG license? Thanks, JD